Building a minimal web server for testing Kubernetes

I have recently been doing some work with Kubernetes, and wanted
to put together a minimal image with which I could test service and
pod deployment. Size in this case was critical: I wanted something
that would download quickly when initially deployed, because I am
often setting up and tearing down Kubernetes as part of my testing
(and some of my test environments have poor external bandwidth).

Building thttpd

My go-to minimal webserver is thttpd. For the normal case,
building the software is a simple matter of ./configure followed by
make. This gets you a dynamically linked binary; using ldd you
could build a Docker image containing only the necessary shared
libraries:

…and it keeps running. This gives a filesystem that is almost
exactly 3MB in size. Can we do better?

Building a static binary

In theory, building a static binary should be as simple as:

$ make CCOPT='-O2 -static'

But on my Fedora 21 system, this gets me several warnings:

thttpd.c:(.text.startup+0xf81): warning: Using 'initgroups' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
thttpd.c:(.text.startup+0x146d): warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
thttpd.c:(.text.startup+0x65d): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

Bummer. It looks like the NSS libraries are still biting us, and it
looks as if statically compiling code that uses NSS may be tricky.
Fortunately, it’s relatively simple to patch out the parts of the
thttpd code that are trying to switch to another uid/gid. The
following patch will do the trick: